Showing papers by "Alberto Sangiovanni-Vincentelli published in 2010"

Moving From Federated to Integrated Architectures in Automotive: The Role of Standards, Methods and Tools Automotive electronics systems need to support an increasing number of features and functions. A new integrated architecture paradigm is needed to overcome the proliferation of Electronic Control Units (ECUs) and allow integration of software components on distributed platforms.

Abstract: Cost pressure, flexibility, extensibility and the need for coping with increased functional complexity are changing the fundamental paradigms for the definition of automotive and aeronautics architectures. Traditional designs are based on the concept of a Federated Architecture in which integrated hardware/software components [Electronic Control Units (ECUs)] realize mostly independent or loosely interconnected functions. These components are connected by bus and cooperate by exchanging messages. This paradigm is now being replaced by the Integrated Architecture,―the concept comes from Integrated Modular Avionics (IMA) introduced by the avionics community (see C. B. Watkins and R. Walter, "Transitioning from federated avionics architectures to integrated modular avionics," in Proc. 26th Digital Avionics Syst. Conf., Oct. 2007) but it is certainly general and applicable to other fields and in particular, automotive—in which software components can be supplied from multiple sources, integrated on the same hardware platform or physically distributed and possibly moved from one CPU to another without loss of functional and time correctness and providing a guaranteed level of reliability. This shift will decouple software design from the hardware platform design and provide opportunities for the optimization of the architecture configuration, increased extensibility, flexibility and modularity. However, the integration of software components in a distributed system realizing a complex functional behavior and characterized by safety, time and reliability constraints requires a much tighter control on the component model and its semantics, new methods and tools for analyzing the results of the composition, whether by simulation or formal methods, and methods for exploring the architecture solution space and optimizing the configuration. We provide a general overview of existing challenges and possible solutions to the design and analysis problem, with special focus on the automotive domain. The development of such methods and tools must necessarily consider compatibility with existing modeling languages and standards, including UML, AUTOSAR and synchronous reactive models, on which the widely used commercial products Simulink and SCADE are based.

Moving From Federated to Integrated Architectures in Automotive: The Role of Standards, Methods and Tools

Abstract: Cost pressure, flexibility, extensibility and the need for coping with increased functional complexity are changing the fundamental paradigms for the definition of automotive and aeronautics architectures Traditional designs are based on the concept of a Federated Architecture in which integrated hardware/software components [Electronic Control Units (ECUs)] realize mostly independent or loosely interconnected functions These components are connected by bus and cooperate by exchanging messages This paradigm is now being replaced by the Integrated Architecture, - the concept comes from Integrated Modular Avionics (IMA) introduced by the avionics community (see C B Watkins and R Walter, ?Transitioning from federated avionics architectures to integrated modular avionics?, in Proc 26th Digital Avionics Syst Conf, Oct 2007) but it is certainly general and applicable to other fields and in particular, automotive - in which software components can be supplied from multiple sources, integrated on the same hardware platform or physically distributed and possibly moved from one CPU to another without loss of functional and time correctness and providing a guaranteed level of reliability This shift will decouple software design from the hardware platform design and provide opportunities for the optimization of the architecture configuration, increased extensibility, flexibility and modularity However, the integration of software components in a distributed system realizing a complex functional behavior and characterized by safety, time and reliability constraints requires a much tighter control on the component model and its semantics, new methods and tools for analyzing the results of the composition, whether by simulation or formal methods, and methods for exploring the architecture solution space and optimizing the configuration We provide a general overview of existing challenges and possible solutions to the design and analysis problem, with special focus on the automotive domain The development of such methods and tools must necessarily consider compatibility with existing modeling languages and standards, including UML, AUTOSAR and synchronous reactive models, on which the widely used commercial products Simulink and SCADE are based

Optimizing the Software Architecture for Extensibility in Hard Real-Time Distributed Systems

Abstract: We consider a set of control tasks that must be executed on distributed platforms so that end-to-end latencies are within deadlines. We investigate how to allocate tasks to nodes, pack signals to messages, allocate messages to buses, and assign priorities to tasks and messages, so that the design is extensible and robust with respect to changes in task requirements. We adopt a notion of extensibility metric that measures how much the execution times of tasks can be increased without violating end-to-end deadlines. We optimize the task and message design with respect to this metric by adopting a mathematical programming front-end followed by postprocessing heuristics. The proposed algorithm as applied to industrial strength test cases shows its effectiveness in optimizing extensibility and a marked improvement in running time with respect to an approach based on randomized optimization.

CalCS: SMT solving for non-linear convex constraints

Abstract: Certain formal verification tasks require reasoning about Boolean combinations of non-linear arithmetic constraints over the real numbers. In this paper, we present a new technique for satisfiability solving of Boolean combinations of non-linear constraints that are convex. Our approach applies fundamental results from the theory of convex programming to realize a satisfiability modulo theory (SMT) solver. Our solver, CalCS, uses a lazy combination of SAT and a theory solver. A key step in our algorithm is the use of complementary slackness and duality theory to generate succinct infeasibility proofs that support conflict-driven learning. Moreover, whenever non-convex constraints are produced from Boolean reasoning, we provide a procedure that generates conservative approximations of the original set of constraints by using geometric properties of convex sets and supporting hyperplanes. We validate CalCS on several benchmarks including formulas generated from bounded model checking of hybrid automata and static analysis of floating-point software.

Synthesis of Multitask Implementations of Simulink Models With Minimum Delays

Abstract: Model-based design of embedded control systems using Synchronous Reactive (SR) models is among the best practices for software development in the automotive and aeronautic industry. SR models allow to formally verify the correctness of the design and automatically generate the implementation code. This feature is a major productivity enhancement and, more importantly, can ensure correct-by-design software provided that the code generator is provably correct. This paper presents an improvement of code generation technology for SR obtained via a novel algorithm for optimizing the multitask implementation of Simulink models on single-processor platforms with limited availability of memory. Existing code generation tools require the addition of zero-order hold (ZOH) blocks, and therefore additional memory, and possibly also additional functional delays whenever there is a rate transition in the computation and communication flow. Our algorithm leverages a novel efficient encoding of the scheduling feasibility region to find the task implementation of function blocks with minimum additional functional delays within timing and memory constraints. The algorithm is applied to an automotive case study with tens of function blocks and very high utilization to test its applicability to complex systems.

Using Statistical Methods to Compute the Probability Distribution of Message Response Time in Controller Area Network

Abstract: Automotive electrical/electronic (E/E) architectures need to be evaluated and selected based on the estimated performance of the functions deployed on them before the details of these functions are known. End-to-end delays of controls must be estimated using incomplete and aggregate information on the computation and communication load for ECUs and buses. We describe the use of statistical analysis to compute the probability distribution of Controller Area Network (CAN) message response times when only partial information is available about the functionality and architecture of a vehicle. We provide results compared to simulations as well as trace data. These results demonstrate that our statistical inference can be used for predicting the distribution of the response time of a CAN message, once its priority has been assigned, from limited information such as the bus utilization of higher priority messages.

HILAC: A framework for hardware in the loop simulation and multi-platform automatic code generation of WSN applications

Abstract: Hardware and software platforms for Wireless Sensor Networks (WSNs) are almost as diverse as their application areas, with very limited standardization. Moreover, heterogeneous programming abstractions put high barrier in application development and there is hardly any support for application debugging, except for a few blinking LEDs. Similar problems have been solved in application domains that have similar cost constraints, such as automotive, by the use of model-based design. We address the lack of model-based design tools for the WSN domain by providing a framework (based on Simulink, Stateflow and Stateflow Coder) in which an application developer can model a WSN application by using Stateflow constructs and then use a single model to perform multi-platform Hardware-In-the-Loop (HIL) simulation and platform-specific application code generation.

A Design Flow for Building Automation and Control Systems

Abstract: We propose a system-level design flow for building automation and control (BAC) systems. The input to the design flow is a high level description of the control algorithms given in a model-based environment such as Simulink. The input specification is translated into an intermediate format, and then automatically refined into a distributed implementation. Refinement includes optimal mapping of the functional specification on a set of computation and communication resources, and software synthesis, which generates code for each component in the mapped design while guaranteeing semantic equivalence with the original specification. Experiments with a temperature control system are presented to illustrate the flow.

Optimal Synthesis of Communication Procedures in Real-Time Synchronous Reactive Models

Abstract: Model-based design methodologies are gaining attention in the industrial community because of the possibility of early and efficient functional validation and formal verification of properties at high levels of abstraction. The advantages of validating the design using high-level models can be lost entirely if errors and modifications that are not back-annotated to the higher abstraction levels are introduced when refining the design to lower levels of abstraction. To overcome this problem and to reduce design time, automatic synthesis has been used for the refinement process from Register Transfer Languages (RTLs) to logic gates for digital circuit design. This approach guarantees (assuming that the synthesis algorithms are correctly implemented) that the semantic of the RTL description is semantically equivalent to the semantic of the logic circuit. Automatic code generation is similar in intent and applicability. However, the software implementation of the abstract model must make efficient use of the platform resources that may not reflect all the assumptions of the code generation algorithms. The implementation of communication in a synchronous reactive model requires buffering and access procedures at the kernel level. In previous work, we obtained tight bounds on the size of communication buffers to maintain semantic equivalence. In realtime systems, however, because of the longer execution times of access procedures, an implementation with minimum buffer size may lead to the violation of deadlines. To solve this problem, we propose a Mixed Integer Linear Programming (MILP)-based optimization approach that provides the minimum memory implementation of a set of communication channels while guaranteeing that the task deadline constraints are met. The analysis is validated by an OSEK/VDX-compliant implementation that provides an estimate of actual runtime overheads. The approach is applied to a set of task graphs and an automotive case study.

Corsi e Ricorsi: The EDA Story

Abstract: The article is a reflection on the development of the EDA field, from its early days to its explosive growth and present maturity.

A platform-based methodology for system-level mixed-signal design

Abstract: The complexity of today's embedded electronic systems as well as their demanding performance and reliability requirements are such that their design can no longer be tackled with ad hoc techniques while still meeting tight time to-market constraints. In this paper, we present a system level design approach for electronic circuits, utilizing the platform-based design (PBD) paradigm as the natural framework for mixed-domain design formalization. In PBD, a meet-in-the-middle approach allows systematic exploration of the design space through a series of top-down mapping of system constraints onto component feasibility models in a platform library, which is based on bottom-up characterizations. In this framework, new designs can be assembled from the precharacterized library components, giving the highest priority to design reuse, correct assembly, and efficient design flow from specifications to implementation. We apply concepts from design centering to enforce robustness to modeling errors as well as process, voltage, and temperature variations, which are currently plaguing embedded system design in deep-submicron technologies. The effectiveness of our methodology is finally shown on the design of a pipeline A/D converter and two receiver front-ends for UMTS and UWB communications.

A 2.2mW CMOS LNA for 6–8.5GHz UWB receivers

Abstract: This paper presents an ultra-wideband (UWB) low noise amplifier (LNA) consuming 2.2-mW core dc power for 6–8.5GHz wireless applications. A common-gate input stage is cascaded with a common-source second stage to perform input impedance matching and wideband stagger-tuning amplification, while the current-reuse topology minimizes the dc power dissipation. The design method used to achieve flat-gain response is presented. A detailed analysis gives insight into the issue on the input impedance and suggests a solution. Implemented in a 90-nm CMOS process, the measurement results show power gain of 13.35+/−0.55 dB, input third intercept point (IIP3) of −6.2 (I Bin, and noise figure of 5–6.5 dB. The silicon die with 0.22-mm2 active area allows the design to be adopted for highly integrated low-cost CMOS applications.

Guest Editorial Special Issue on Automotive Embedded Systems

Abstract: The five letters in this special issue on automotive embedded systems cover a spectrum of topics ranging from an innovative concept and environment for the ever-increasing integration of driver and vehicle to novel algorithms and design implementations of automotive embedded systems.

Remembering Richard [A. Richard Newton]

Abstract: A. Richard Newton was larger than life in the eyes of the ones who had the fortune of meeting him. His outlook on life was so different, innovative, and refreshing that one could not avoid being enthralled by his ideas long after parting ways. In this paper, I remember him both as a wonderful human being and as an old and dearest friend. It is not easy for me to do justice to the great contributions that he made to the EDA community and to the world in general. I begin with my own rendition of his accomplishments and his biography decorated with comments from students and colleagues. The body of the paper is about his most significant speeches, which are the best witnesses of his vision and legacy. His own words are so eloquent and convincing that any editing would dilute the message. I will first quote excerpts from his DAC key note address of 1995 and conclude with his unabridged presentation in Berkeley about "the future of the future."